Commit Graph

29160 Commits

Author SHA1 Message Date
Tobias Frauenschläger 0bb094e644 Send alert in case of decrypted all-zero message 2026-03-05 17:11:39 +01:00
David Garske 36328e31a5 Merge pull request #9857 from douzzer/20260303-linuxkm-aarch64-fixes
20260303-linuxkm-aarch64-fixes
2026-03-05 07:53:00 -08:00
Tobias Frauenschläger 4c5df4f2d9 fix typo in PKCS#11 V3 init 2026-03-05 16:41:05 +01:00
Eric Blankenhorn 0c2de309db Fix wc_ecc_sign_hash_ex with Intel QA 2026-03-05 09:35:23 -06:00
Eric Blankenhorn 998967ea41 Fix review feedback 2026-03-05 08:51:52 -06:00
Eric Blankenhorn 7f487b9869 Fix checkPad to test for zero padding 2026-03-05 08:32:18 -06:00
Eric Blankenhorn 6dc4ba8a24 Fix from review 2026-03-05 08:23:02 -06:00
Eric Blankenhorn fe12395e61 Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init 2026-03-05 08:13:26 -06:00
Tobias Frauenschläger eaa40f3df6 Harden hash comparison in TLS1.2 finished 2026-03-05 11:46:33 +01:00
Paul Adelsbach 73f352692b Fix cppcheck warning 2026-03-04 19:51:22 -08:00
Sean Parkinson 34916c80c8 ASN: improve handling of ASN.1 parsing/encoding
ToTraditionalInline_ex2 original ASN code:
  - Now return 0 when no OCTECT_STRING data found.
  - Change callers to accept 0 as a valid returnb value.

SizeASN_Items:
  - Change encoded size to word32 as won't be negative.
- Change callers to supply a pointer to a word32 instead of integer.
Fix casting due to change of parameter type.

ASN_LEN_ENC_LEN: Function to calculate the length of the encoded ASN.1
length.

GetLength_ex:
  - Change minLen to word32
- Change length to word32 and change negative check appropriately for
different type.

GetASNHeader_ex:
  - If not checking lengths in GetLength_ex, check it here.
DecodeObjectId:
  - Ensure no overflow in calculation.

_RsaPrivateKeyDecode (original)
  - Clear RSA integers on failure (will be done in free anyway).

wc_CreatePKCS8Key (original):
  - safe check of overflow.

DecryptContent (templare):
- Parse will fail if OID not recognized, and recognized OIDs are 9/10
bytes long - but check idx is 9/10 anyway so we know we can read 2 end
bytes of data.

wc_RsaPublicKeyDecode_ex (original):
- Fix calculation of seqEndIdx and use it to bound modulus and
exponent.

DecodePolicyOID
  - enusre inSz is not too long.
  - Ensure no overflow in calculation.

SetOidValue (orginal):
  - Safe check of inSz and oidSz.

SetAltNames (original):
  - Improve length checks

FlattenAltNames:
  - Check for overflow.
  - Better length check.

ParseCRL_CertList (original):
  - overflow check
2026-03-05 13:11:30 +10:00
Paul Adelsbach 569a96fbd2 Fix for C++ compilers 2026-03-04 15:01:08 -08:00
JacobBarthelmeh 13ebc5b9bf fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers 2026-03-04 15:59:56 -07:00
Paul Adelsbach 22d7550f8e CRL enhancements for revoked entries 2026-03-04 14:53:28 -08:00
JacobBarthelmeh 1ddefce99b fix benign typo with sizeof 2026-03-04 15:28:27 -07:00
Daniel Pouzzner 67bcaff4b8 linuxkm/module_hooks.c: fix syntax error in wolfssl_init(). 2026-03-04 16:13:09 -06:00
kaleb-himes 2603996be7 Implement copilot suggestion 2026-03-04 15:10:16 -07:00
kaleb-himes b807595932 Fix all shellcheck items 2026-03-04 15:06:55 -07:00
Eric Blankenhorn 165c2cf017 Fix wolfSSL_get_peer_quic_transport_version 2026-03-04 15:26:59 -06:00
Eric Blankenhorn d9237210fc Fix sniffer CreateSession 2026-03-04 14:50:21 -06:00
Daniel Pouzzner f04e6e8718 tests/api.c and tests/api/test_pkcs7.c: fixes for CFLAGS="-Og" --enable-all (PRB-single-flag.txt line 3). 2026-03-04 14:46:20 -06:00
Eric Blankenhorn 37d6c14ddf Fix in wolfSSL_CTX_GenerateEchConfig 2026-03-04 14:43:27 -06:00
Eric Blankenhorn 2cd3b7b67d F362 kNistCurves Table 2026-03-04 14:29:50 -06:00
Daniel Pouzzner 1297a85b03 wolfcrypt/test/test.c:
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner fe93ec87b1 linuxkm/module_hooks.c: in dump_to_file(), accommodate mis-prototyped kernel_write() in kernels 3.9-4.13. 2026-03-04 13:14:07 -06:00
Daniel Pouzzner f67c29ae51 linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.

linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.

linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 8d1b825558 configure.ac:
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memues).
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 4a51ed4c26 wolfcrypt/test/test.c: add FIPS gates around "Copy cleanup test" exercises added by 4713ad5675 (#9829). 2026-03-04 13:14:07 -06:00
JacobBarthelmeh be245dc4d7 adjust macro guard on test case 2026-03-04 11:20:08 -07:00
Daniel Pouzzner 1c8d593af7 Merge pull request #9860 from anhu/for_length
Fix for loop exit condition.
2026-03-04 12:18:31 -06:00
JacobBarthelmeh 5117acb7be harden compare of mac with TLS 1.3 finished 2026-03-04 10:49:02 -07:00
night1rider daf3b067d4 Add common SHA copy/free helpers with leak-safe msg buffer handling and copy/free crypto callbacks to replicate the non-callback code behavior when using MAX3266X_SHA_CB. 2026-03-04 10:27:22 -07:00
night1rider c3b329eb2e Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls 2026-03-04 10:27:22 -07:00
Zackery Backman 2f2fca6a91 Remove stdio inclusion and then revert removal of null check for MXC free 2026-03-04 10:27:22 -07:00
night1rider 224ac9e2ff Add setting callback and MXC init when using arm asm with callbacks 2026-03-04 10:27:22 -07:00
Zackery Backman 4ef0492f23 Improve logic behind copy and free for sha, add copy and free callback functions, fix sha224 crashing when using callbacks for MAX32666 due to unitialized struct. 2026-03-04 10:27:22 -07:00
JacobBarthelmeh 6b3dec4898 additional sanity check on number of groups passed to set groups function 2026-03-04 10:20:09 -07:00
JacobBarthelmeh e7e1d0e5f7 adjust test for edge case builds 2026-03-04 10:01:45 -07:00
Anthony Hu 9d3cc6e30c Fix for loop exit condition.
size should be length.  s includes offset, so it must be compared against
length, not size because size is only what is after offset.
2026-03-04 10:17:33 -05:00
Tobias Frauenschläger 7842bf30f4 Fix for DTLS1.3 HRR group handling
When a server uses a HRR to negotiate the key exchange group to use, the
selected group is advertised in the HRR key share extension.
Furthermore, this group is also stored in the Cookie that is sent to the
client. When the server receives the second CH, the group used in the
key share extension MUST be the one of the HRR.

For stateless DTLS servers, the handling of this check had a bug. The
key share group of the HRR is stored in the ssl->hrr_keyshare_group
variable and is checked against the received key share of the second CH.
However, in the stateless server case, another CH message may be
received inbetween the two CH message of the desired client, potentially
overwriting the ssl->hrr_keyshare_group variable. This then causes
handshake failures when the ssl->hrr_keyshare_group variable contains
another group than the second CH message of the desired client.

To fix this, the following changes are conducted:
1. Disable the ssl->hrr_keyshare_group check for stateless DTLS 1.3
   servers. As long as the server is stateless, CHs from multiple
   clients may be received that individually cause HRRs with different
   groups. For each of these clients, the HRR group is properly stored
   in the cookie.
2. When a valid cookie is received from the client, the server becomes
   stateful. In this case, we now parse the cookie for a stored HRR
   group in the RestartHandshakeHashWithCookie() method. If present,
   we restore the ssl->hrr_keyshare_group variable to this group to
   ensure the error checks succeed.
3. Move the check of ssl->hrr_keyshare_group of the the KeyShare
   extension parsing logic into the general TLS1.3 ClientHello parsing
   after extension handling. This ensures that the order of the cookie
   and key share extensions does not matter.

A new test is added to check for this behavior.
2026-03-04 15:58:45 +01:00
Anthony Hu 069be208ee Macro guard parameter null check. 2026-03-04 07:56:11 -05:00
Sameeh Jubran 441bcbb680 Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-04 12:24:08 +02:00
Sean Parkinson 71226b68b6 RISC-V 32 no mul SP C: implement multiplication
No multiplication instructions when M extension not included.
Standard implementation of __muldi3 is not constant time.
Include a constant time implementation when SP_NO_MUL_INSTRUCTION is
defined
Define it when compiling for RISC-V 32 and no multiplication extension.

Also fix get_entry in SP C implementation to do constant time
comparison.
2026-03-04 19:23:20 +10:00
JacobBarthelmeh a4c4740ea8 additional sanity check with session ticket size 2026-03-04 00:17:42 -07:00
Ruby Martin 682901e32e return MP_VAL if n < 0. remove check for max int value
remove comment
2026-03-03 09:50:16 -07:00
Daniel Pouzzner 350706d2c8 Merge pull request #9847 from embhorn/gh9846
Fix DRBG_internal alloc in wc_RNG_HealthTestLocal
2026-03-03 00:23:10 -06:00
Ruby Martin 0ef8541b73 validate hashAlgSz is within bounds before calling XMEMCPY 2026-03-02 15:05:01 -07:00
kaleb-himes 10874aec82 Nth attempt to resolve port collisions once-and-for-all 2026-03-02 14:05:42 -07:00
Eric Blankenhorn 42e51701e1 Fix DRBG_internal alloc in wc_RNG_HealthTestLocal 2026-03-02 11:19:38 -06:00
Josh Holtrop a87446ca9e Rust wrapper: mlkem: avoid unit test warnings 2026-03-02 11:49:14 -05:00